Allow ironic services to use independent hostnames

This allows ironic service endpoints to use custom hostnames, and adds the following variables: * ironic_internal_fqdn * ironic_external_fqdn * ironic_inspector_internal_fqdn * ironic_inspector_external_fqdn These default to the old values of kolla_internal_fqdn or kolla_external_fqdn. This also adds ironic_api_listen_port and ironic_inspector_listen_port options, which default to ironic_api_port and ironic_inspector_port for backward compatibility. These options allow the user to differentiate between the port the service listens on, and the port the service is reachable on. This is useful for external load balancers which live on the same host as the service itself. Change-Id: I45b175e85866b4cfecad8451b202a5a27f888a84 Implements: blueprint service-hostnames
2018-12-27 15:31:04 -05:00 · 2018-12-27 15:31:04 -05:00 · d1d1837c25
parent 31ed556e67
commit d1d1837c25
8 changed files with 24 additions and 13 deletions
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@ -241,8 +241,14 @@ horizon_port: "80"
 influxdb_admin_port: "8083"
 influxdb_http_port: "8086"
 ironic_internal_fqdn: "{{ kolla_internal_fqdn }}"
 ironic_external_fqdn: "{{ kolla_external_fqdn }}"
 ironic_api_port: "6385"
 ironic_api_listen_port: "{{ ironic_api_port }}"
 ironic_inspector_internal_fqdn: "{{ kolla_internal_fqdn }}"
 ironic_inspector_external_fqdn: "{{ kolla_external_fqdn }}"
 ironic_inspector_port: "5050"
 ironic_inspector_listen_port: "{{ ironic_inspector_port }}"
 ironic_ipxe_port: "8089"
 iscsi_port: "3260"
--- a/ansible/roles/ironic/defaults/main.yml
+++ b/ansible/roles/ironic/defaults/main.yml
@ -19,11 +19,13 @@ ironic_services:
        mode: "http"
        external: false
        port: "{{ ironic_api_port }}"
        listen_port: "{{ ironic_api_listen_port }}"
      ironic_api_external:
        enabled: "{{ enable_ironic }}"
        mode: "http"
        external: true
        port: "{{ ironic_api_port }}"
        listen_port: "{{ ironic_api_listen_port }}"
  ironic-conductor:
    container_name: ironic_conductor
    group: ironic-conductor
@ -62,11 +64,13 @@ ironic_services:
        mode: "http"
        external: false
        port: "{{ ironic_inspector_port }}"
        listen_port: "{{ ironic_inspector_listen_port }}"
      ironic_inspector_external:
        enabled: "{{ enable_ironic }}"
        mode: "http"
        external: true
        port: "{{ ironic_inspector_port }}"
        listen_port: "{{ ironic_inspector_listen_port }}"
  ironic-pxe:
    container_name: ironic_pxe
    group: ironic-pxe
@ -154,13 +158,13 @@ ironic_dnsmasq_dimensions: "{{ default_container_dimensions }}"
 ####################
 ironic_inspector_keystone_user: "ironic-inspector"
-ironic_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ ironic_api_port }}"
+ironic_admin_endpoint: "{{ admin_protocol }}://{{ ironic_internal_fqdn }}:{{ ironic_api_port }}"
-ironic_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ ironic_api_port }}"
+ironic_internal_endpoint: "{{ internal_protocol }}://{{ ironic_internal_fqdn }}:{{ ironic_api_port }}"
-ironic_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ ironic_api_port }}"
+ironic_public_endpoint: "{{ public_protocol }}://{{ ironic_external_fqdn }}:{{ ironic_api_port }}"
-ironic_inspector_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ ironic_inspector_port }}"
+ironic_inspector_admin_endpoint: "{{ admin_protocol }}://{{ ironic_inspector_internal_fqdn }}:{{ ironic_inspector_port }}"
-ironic_inspector_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ ironic_inspector_port }}"
+ironic_inspector_internal_endpoint: "{{ internal_protocol }}://{{ ironic_inspector_internal_fqdn }}:{{ ironic_inspector_port }}"
-ironic_inspector_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ ironic_inspector_port }}"
+ironic_inspector_public_endpoint: "{{ public_protocol }}://{{ ironic_inspector_external_fqdn }}:{{ ironic_inspector_port }}"
 ironic_logging_debug: "{{ openstack_logging_debug }}"
--- a/ansible/roles/ironic/tasks/precheck.yml
+++ b/ansible/roles/ironic/tasks/precheck.yml
@ -10,7 +10,7 @@
 - name: Checking free port for Ironic API
  wait_for:
    host: "{{ api_interface_address }}"
-    port: "{{ ironic_api_port }}"
+    port: "{{ ironic_api_listen_port }}"
    connect_timeout: 1
    timeout: 1
    state: stopped
@ -21,7 +21,7 @@
 - name: Checking free port for Ironic Inspector
  wait_for:
    host: "{{ api_interface_address }}"
-    port: "{{ ironic_inspector_port }}"
+    port: "{{ ironic_inspector_listen_port }}"
    connect_timeout: 1
    timeout: 1
    state: stopped
--- a/ansible/roles/ironic/templates/inspector.ipxe.j2
+++ b/ansible/roles/ironic/templates/inspector.ipxe.j2
@ -13,6 +13,6 @@ chain pxelinux.cfg/${mac:hexhyp} || goto inspector_ipa
 :inspector_ipa
 :retry_boot
 imgfree
-kernel --timeout 30000 {{ ironic_ipxe_url }}/ironic-agent.kernel ipa-inspection-callback-url=http://{{ kolla_internal_vip_address }}:{{ ironic_inspector_port }}/v1/continue systemd.journald.forward_to_console=yes BOOTIF=${mac} initrd=agent.ramdisk {{ ironic_inspector_kernel_cmdline_extras | join(' ') }} || goto retry_boot
+kernel --timeout 30000 {{ ironic_ipxe_url }}/ironic-agent.kernel ipa-inspection-callback-url=http://{{ ironic_inspector_internal_fqdn }}:{{ ironic_inspector_port }}/v1/continue systemd.journald.forward_to_console=yes BOOTIF=${mac} initrd=agent.ramdisk {{ ironic_inspector_kernel_cmdline_extras | join(' ') }} || goto retry_boot
 initrd --timeout 30000 {{ ironic_ipxe_url }}/ironic-agent.initramfs || goto retry_boot
 boot
--- a/ansible/roles/ironic/templates/ironic-inspector.conf.j2
+++ b/ansible/roles/ironic/templates/ironic-inspector.conf.j2
@ -6,7 +6,7 @@ log_dir = /var/log/kolla/ironic-inspector
 auth_strategy = noauth
 {% endif %}
 listen_address = {{ api_interface_address }}
-listen_port = {{ ironic_inspector_port }}
+listen_port = {{ ironic_inspector_listen_port }}
 transport_url = {{ rpc_transport_url }}
 [oslo_messaging_notifications]
--- a/ansible/roles/ironic/templates/ironic.conf.j2
+++ b/ansible/roles/ironic/templates/ironic.conf.j2
@ -30,12 +30,13 @@ policy_file = {{ ironic_policy_file }}
 {% if service_name == 'ironic-api' %}
 [api]
 host_ip = {{ api_interface_address }}
 port = {{ ironic_api_listen_port }}
 api_workers = {{ openstack_service_workers }}
 {% endif %}
 {% if service_name == 'ironic-conductor' %}
 [conductor]
-api_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ ironic_api_port }}
+api_url = {{ internal_protocol }}://{{ ironic_internal_fqdn }}:{{ ironic_api_port }}
 automated_clean=false
 {% endif %}
--- a/ansible/roles/ironic/templates/pxelinux.default.j2
+++ b/ansible/roles/ironic/templates/pxelinux.default.j2
@ -2,6 +2,6 @@ default introspect
 label introspect
 kernel ironic-agent.kernel
-append initrd=ironic-agent.initramfs ipa-inspection-callback-url=http://{{ kolla_internal_vip_address }}:{{ ironic_inspector_port }}/v1/continue systemd.journald.forward_to_console=yes {{ ironic_inspector_kernel_cmdline_extras | join(' ') }}
+append initrd=ironic-agent.initramfs ipa-inspection-callback-url=http://{{ ironic_inspector_internal_fqdn }}:{{ ironic_inspector_port }}/v1/continue systemd.journald.forward_to_console=yes {{ ironic_inspector_kernel_cmdline_extras | join(' ') }}
 ipappend 3
--- a/ansible/roles/nova/templates/nova.conf.j2
+++ b/ansible/roles/nova/templates/nova.conf.j2
@ -118,7 +118,7 @@ auth_type = password
 project_name = service
 user_domain_name = {{ default_user_domain_name }}
 project_domain_name = {{ default_project_domain_name }}
-api_endpoint = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ ironic_api_port }}/v1
+api_endpoint = {{ internal_protocol }}://{{ ironic_internal_fqdn }}:{{ ironic_api_port }}/v1
 {% endif %}
 [oslo_middleware]